How 3CLogic Used Tugboat to Get SOC 2 Certified and Shift Security Left

The breadth and depth of your customer success team’s knowledge along with the Tugboat platform made for
a very powerful combination. That has been one of the strong suits of your offering.”

-Raj Chouta, Sr. Manager, Security & Compliance

Challenges

Gain SOC 2 and a better security posture without all the pain.

When Global 2000 and Inc 5000 enterprise organizations need the right platform to improve their call centers’ ROI and overall customer experience, they call on 3CLogic.

3CLogic’s enterprise-grade SaaS platform and award-winning customer service not only streamline their customers’ call center operations, but also improves call center agent productivity – a win-win-win for everyone involved.

And as 3CLogic continues to grow and expand its services to a broader and global customer base, they realized they needed a better way to continue to manage and expand their compliance certifications efforts. As Raj Chouta, Sr. Manager, Security & Compliance puts it, “all industries are focused on security in this digital age we all operate and live in.” When evaluating call center SaaS platforms, prospects and customers for example many “frequently use SOC 2 certifications as a baseline.”

To match their need for project management and speed, Raj outlined what was most important to him, Manraj Brar (InfoSec Officer), and the 3CLogic team:

“Compliance isn’t something that is necessarily riveting or exciting, right? A certification has its fair share of challenges and things that need to be considered. And so we wanted a tool that would work as a guide, and not necessarily as something that is just going to be there to collect things. We also wanted something that could identify potential gaps in how we operate today or in the future as regulations evolve or change.”

And as if they didn’t have enough to do, Raj and Manraj needed to “optimize the list of active employees that had access to applications [they] had.” Raj expanded on this:

Everything is on our cloud and we wanted a simpler and more centralized way to manage assets and access where we could quickly do so from one convenient and centralized space. With Tugboat’s OBOB [On/Offboarding] integration, that was a big help to us.”


“We needed something that was intuitive enough that would instruct us how to get something addressed vs. just telling us ‘These are the things that need to be done. Good luck. Go deal with it.”
-Raj Chouta, Sr. Manager, Security & Compliance

Solution

Easy to use platform + support from an ex-PwC auditor = “a very powerful combination.”

“Very early on, I have to say I liked the Tugboat platform because it was very easy to use – that was a major factor for us,” explained Raj.

Manraj echoed Raj’s sentiments: “It’s been really, really easy. Comparing another platform to Tugboat, where we worked at that for a little bit and found out it just wasn’t as user-friendly. It literally told us, ‘Hey, this is what you need to do. Go do it.’ Whereas with Tugboat, we’re able to go in and upload whatever we need.”

Another major consideration for them was “the support that comes with the product.” According to Raj, “that was something we did not get from some of the other options we considered.” Fortunately for Raj and the 3CLogic team, they got that high caliber of support and assurance from Susan Worthington, their Senior Customer Success Manager who has 20+ years of compliance experience and stints at Deloitte and PwC.

“Susan has been just phenomenal,” said Raj. “I have to say that in being the face of Tugboat to us, she’s done a fabulous job in giving us feature overviews and teaching us how to work with the controls. Susan with the Tugboat platform made for a very powerful combination. That has been one of the strong suits of your offering.”

Manraj added, “Communication has been awesome. That’s one thing that a lot of different companies lack, and you guys have not lacked that in any way. Anything we’ve asked for, or requested input on, or anything of that sort, you guys get back to us immediately.

Raj goes on, “It’s not just about building an AI-rich tool. You also need to have the people part, right? You need to have the folks that are so familiar with compliance that they can do this in their sleep. And we definitely didn’t have that kind of expertise going in, so we were looking to get something that would help us understand and assess, ‘Okay, how do we deal with this?’”

For Raj and the team, making sure they had reliable expertise to scaffold their security and compliance program was the last major consideration for them. As Raj explained, “We didn’t want to get certified for the sake of getting certified. We actually wanted to identify gaps and Tugboat helped us with identifying where improvements could be made.”


“We got certified pretty quickly. We started six months ago and we already have our Type 1. It’s a huge thanks to you guys as well and Raj since obviously we couldn’t have done it. It has been a pleasure to work with you guys – that’s definitely for sure.”
-Manraj Brar, InfoSec Officer

Results

Getting SOC 2 certified and shifting security left.

Given the platform’s ease of use, complete guidance, and the rapid-response support from Susan, the 3CLogic team decided to adopt Tugboat. And before they could even start figuring out “how to get an audit firm that’s familiar enough to use Tugboat’s features and can help us with getting certified,” the Tugboat customer success team gave them a list of auditors to pick from. 3CLogic ended up partnering with Marcum, one of the largest independent accounting firms in the US.

For Raj and the team, that immediate collaboration with Marcum “was something that impressed us right away”. Raj goes on, “We were really appreciative of that” because it made the entire SOC 2 readiness and audit process smooth from start to finish.

As for preparing for the audit itself? Here’s how it went according to Manraj:

“With Tugboat, we’re able to go in and upload whatever we need. The auditor comes in, looks at it. If there’s any questions, he comes back, we answer it – that’s literally how we did it for the past few months. We got certified pretty quickly. Considering before we signed with Tugboat, we had been trying to get SOC 2 certified for about a year, doing little by little and trying out different things. Like Raj said, he started six months ago and we already have our Type 1. It’s a huge thanks to you guys as well and Raj since obviously we couldn’t have done it. It has been a pleasure to work with you guys – that’s definitely for sure.”

Raj added: “We have learned a lot between both Susan and Chris Schaffer from Marcum because they do work on ways to give us the full context, provide evidence tasks, and explain why it’s relevant. So for us, getting that guidance makes a big difference as we continue to grow and processes, product, and regulations change. Any support we can get, any clarification, we can then share that with our teams, too.”

The constant feedback and education loop of security and compliance (and the broader shifting left of security) that Raj and Manraj have built at 3CLogic is no small feat. As Raj explained,

“Right now we have a different approach to security. We want to be better at how
we do things like protecting the code, so our approach now involves processes like looking closely at our infrastructure while the compliance side of things is attesting to the fact that ‘Yes, we have grown significantly.’ It’s more like a badge that we can wear on the outside to assure our customers that we are doing things the right way and here is the proof of it.

So Tugboat helped identify some of those gaps. And internally, there was some pushback, but eventually people understood that, ‘Hey, we need to be doing this a little differently, especially if we are going to work on getting some additional certifications down the road.’”

Looking back at how much Raj and Manraj accomplished in less than a year after partnering with Tugboat and Marcum, you can’t help but ask, “Is there anything this dynamic duo of security can’t do?”


Tugboat Logic takes the misery and mystery out of passing security audits like SOC 2 and ISO 27001 so you can slay more deals and stay secure. From start-ups like 3CLogic to Fortune 500 companies like Schneider Electric, we’ve got your back like chiroprac.

Check out the PDF version of 3CLogic’s Case Study.

And to take the suck out of SOC 2 and get those SOC 2 socks, schedule time to see the platform in action, or create a trial account to get started on your SOC 2 (or any other) certification. Note that your trial account is exactly the same thing that our customers use, so what you see is what you get.

Related Articles

Security Awareness Training: Montage Optional

Security Awareness Training: Montage Optional

Creating a plan for Security Awareness Training is only half the battle. Implementing and ensuring that your employees follow that plan regularly is the key to implementing this control. Also, investing in training and security awareness programs is vital for sustainable business growth and success.

read more
Employee Training Plan: Good Plans Go A Long Way

Employee Training Plan: Good Plans Go A Long Way

How you train your employees will largely determine their effectiveness and adherence to company policies. While many practices can be common sense and their skills catered specifically to the job they were hired to perform, a training plan can go a long way to ensure that elements of your organization stay safe, secure and run as smoothly as possible.

read more

0 Comments

Submit a Comment

Pin It on Pinterest

Share This